User History files

The following lines in /etc/profile helps me to get the history
files of root access staff.
export HISTFILE=/home/root/history${history}/${LOGNAME}+' date "+%Y%m%
d_%H%M%S"'
export HISTSIZE
00

But my question is,how can I get the history files stored for each
individual user who logs in(like developers who doesn't have root
access and DBA accounts)?

Please assist me in this regard.I really need this to implement.

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

Popular White Paper On This Topic

It is easy to loop through all users in your system by using the
/etc/passwd file. There can be several variables to the following
scenario, but basically, use the Group ID (GID) of a group of users to
determine their home directory. Then you can grab all their history
files--evan with users in multiple groups (eg 600 and 700) and even
different dir structures So given some /etc/passwd lines like:

The GID is in the 4th colon separated field and the HOME dir in the 6th:

1) Get all the groups and associated users and put them into a variable
(assuming that :gid_num: is a unique pattern on each line for GIDs):
home_dirs_of_users=$(egrep ":600:|:700:" /etc/passwd | cut -d":" -f6)

2) Use a loop to (copy or link) those to a directory
for i in ${home_dirs_of_users}
do
cp ${i}/.sh_history /tmp/root/histfiles # Make this directory first!
done

Shell scripting is one of the most valuable tools that you can have as a
system administrator, because you do not have to re type commands over
and over. If you can, get some UNIX training in shell programming. All
the above is easy if you know how. Hope this helps.

I totally agree with Wayne that scripting is one of the most powerful
features of any *nix os. The whole purpose of computing is to automate
repetitive tasks.
I wrote the following with the tips from Wayne's note:

I still wish I could get the user's name into the file where I am not
just cat'ing in a file full of "****".
I decided to go with a cat >> instead of the cp because I think Wayne's
script would have overwritten the output file with everyone's
..sh_history file.

I have implemented the following script on one of my servers.But
only one .sh_history file is creating for only one user.I think its
over writing each user's history file.I would like to get each user
name+date history files to be copied in /tmp/root/histfiles.I know
there will be a way.I am going to try but meanwhile if you have
something ready,then it will be greatly appreciated as now, if you
can send over.

**********************************************

home_dirs_of_users=$(egrep ":200:" /etc/passwd | cut -d":" -f6)

for i in ${home_dirs_of_users}
do
cp ${i}/.sh_history /tmp/root/histfiles
done

**********************************************

Thanks in advance for your valuable time....

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

But I didn't understand what is splats in the following line from
your script?

cat splats >> /tmp/histfiles/.sh_history

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

You are welcome.
I was trying to format the output a little. I would like to have put the
users name and the current time stamp as a header over each users
history file.
I settled for a line full of "*".
"splats" is just a file I created with a single line of "splats"
(********************)

Thank you again.But about users name and the current time stamp as a
header over each users history file, if you happen to figure out the
way please do let me know.I really need to implement this.

Thanks in advance!

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

When /etc/profile works for root logs why can't it work for normal
users(developers)? I liked the way it logs for root equivalent and
root .sh_history. Is /etc/profile is for system wide or just for
root?

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

caused $i to be set to "sblue:!:240:1:Stella" and then
"Blue:/home/sblue:/usr/bin/ksh" on successive iterations of the loop.

I made a few attempts to work around this before arriving at the above
solution, but I'd still like to know if there's a way of forcing $i to hold
entire lines rather than just lines up to the first space.

The last two lines place an entry in the history file to indicate the
user's name and login time. Note: It's a hack, since I don't fully
understand the format of the file, and it doesn't always work.
Specifically, you do *_not_* get the login info the first time the file
is created, and I don't know why.

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

From the above script, Instead of sending the output to one file by
appending (cat ${i}/.sh_history >> /tmp/histfiles/.sh_history), Is
there a way that I can send each user's .sh_history file into a
separate file?

If the above is possible, then once I get those separate files, I
will compare the current file with the prior file, and if there is
difference, then only I will copy that .sh_history file.

Appreciate for any help???

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

Any advice!I have been trying but not able find the solution so
far...I am trying to send into an individual file.But I couldn't
accomplish..

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

Now I am getting separate user history files.And for the date I was
running another script every morning to send date to the .sh_history
files as below:

#!/usr/bin/ksh

home_dirs=$(egrep home /etc/passwd | cut -f6 -d":")
for i in ${home_dirs}
do
date >> ${i}/.sh_history
done

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

Nope,this doesn't work for the normal users,it is only working for
the users who are under system group.I know that this will be
overridden by users home profile.But is there a way I can do
something to work for all the users who logins to the server??

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

Is there anyway that I can set any variable to log the
users .sh_history files in /etc/environment file?Any ideas???

I have a script setup as noted yesterday.But I am just wondering
if /etc/environment resolves my issue.

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

No it doesn't give any error.But it doesn't work for the users
though....

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

Is this anything to do with SP cluster servers.Because I have
implemented your script in /etc/profile on SP server since users
logs on this server.

Or do you think any other settings will impact.Please do drop if any
one have idea about this,since if it works I really appreciate it.

Besides this,now I can get the users .sh_history file with the
script I was talking about in my last postings.But the problem with
that is I get all the users in /etc/passwd .sh_history files.But I
need only the people who logs in,those users history files.Probably
I need to work on "w" command and grep for the users and again I
need to "comm" the old file to the new file and only the difference
I should append to the .sh_history+username.I working on it
though.....

But meanwhile if your script works in /etc/profile,that will be so
great!!!!I couldn't figure out the problem why it wasn't working on
my SP server,when it is working on all your servers...

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

This is working.That was permissions problem.I gave 700 thinking
that users should not access that file.when I gave 777 it is
working.Can you please let me know exactly what permission do I need
to give?? You said something like drwxr_xr_t ,I didn't understand
for t?Can you please let me know about this if you have time or
thats fine I will try that part.

I am so happy that it is working now,this is what I am looking
for,all these days....I really appreciate your help..

Thanks a lot!

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

Can I get a copy of the same shell script and install / run instructions to
save / backup the .sh_history file because I am floating in the same boat as
you were i.e. in my company more than one persons have root access, no su
and thery are playing with the system files, which is unaccebtable.

Anyways,Now I have two ways to gather all the users history
information.One is through /etc/profile as a global way and the
other is through korn shell script.

Method one:(I prefer this because its easy to maintain once you
implement in /etc/profile.I didn't use the owner variable,but you
can play with it though...,I tried for all the flavors of unix like
(AIX,Tru64,Linux and HPUX.All you need is to just implement
in /etc/profile file.)

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

A file or directory in the path name does not exist.
./finallogs.ksh[19]: /tmp/histfiles/.sh_history_me/abc: 0403-005 Cannot
create
the specified file.
A file or directory in the path name does not exist.
./finallogs.ksh[19]: /tmp/histfiles/.sh_history_me/efg: 0403-005 Cannot
creat
e the specified file.
A file or directory in the path name does not exist.
./finallogs.ksh[19]: /tmp/histfiles/.sh_history_me/hij: 0403-005 Cannot
creat
e the specified file.
A file or directory in the path name does not exist.
./finallogs.ksh[19]: /tmp/histfiles/.sh_history_me/klm: 0403-005 Cannot
creat
e the specified file.
A file or directory in the path name does not exist.
./finallogs.ksh[19]: /tmp/histfiles/.sh_history_me/mno: 0403-005 Cannot
creat
e the specified file.

Please check the permissions on /tmp/histfiles/.sh_history_me
and /tmp/histfiles.You should give write permissions.I gave 1773
permissions.

Good luck

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

##########################
Please note you need to create a directory called history under /var
and also set the permisions on it to 777. This will the create a
directory for each user and ip address they log on from.

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

Remember long time back we discussed about the /etc/profile, where
it can log the user history log files.I was happy when it was
working but I didn't understand why the .sh_history file is not
updating under the user's home directories but it is logging
under /var/adm/ksh_hist directory.

What could be the reason behind?

Can anyone guess the idea?

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

I thought there will be a copy under user's home
directory .sh_history file too..

Thanks

IMPORTANT NOTICE: This message and any attachments are solely for the intended recipient and may contain confidential information which is, or may be, legally privileged or otherwise protected by law from further disclosure. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this e-mail and any attachments is prohibited. If you have received this communication in error, please notify the sender by reply e-mail and immediately and permanently delete this e-mail and any attachments.

I have this added to the end of the .profile. It time stamps each
command. I usually use it for root. Since I do not allow direct root
access from anywhere but the console. Everyone with access must su.
This function records who did what and when. It is not perfect, but it
works for my purposes. As with much I have seen about this, a user can
go in an delete entries if they want to. Note I did not write it, I
just use it.

I've checked every tips here about timestamp settings on
.sh_history. When we talking about it on 5.3 level, I do know
how to work it out via default new systeme parameter seetings.
My current point is just on the 5.2 level. Check many script on
many forum, seems seldom work:( I will running Ur script on my
5.2 system tomorrow. Show my appreciation from China;)

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.